exim: set User= but run as root
LoadCredential= will set the owner of $CREDENTIALS_DIRECTORY and the credentials to User=. As currently Exim is currently has to be run as root in order to use the standard SMTP port and for local deliveries[1], set User=exim, but run all processes as root. [1]: https://www.exim.org/exim-html-current/doc/html/spec_html/ch-security_considerations.html#SECID270
This commit is contained in:
parent
d7edeeac50
commit
e82cbd6f35
@ -65,8 +65,9 @@ in {
|
||||
config.environment.etc."exim.conf".source
|
||||
];
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.exim}/bin/exim -bdf -q30m";
|
||||
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
||||
ExecStart = "+${pkgs.exim}/bin/exim -bdf -q30m";
|
||||
ExecReload = "+${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
||||
User = cfg.user.name;
|
||||
};
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
|
Loading…
Reference in New Issue
Block a user